Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/DuaJA08qGKDGJWqExvNnxQHgnws.roa
File:                     DuaJA08qGKDGJWqExvNnxQHgnws.roa (raw, json)
Hash identifier:          h296kmKgkp2Buq1RUjnv/9VHF1RMx/bWxbNZ+mV5PUc=
Subject key identifier:   0E:E6:89:03:4F:2A:18:A0:C6:25:6A:84:C6:F3:67:C5:01:E0:9F:0B
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019DB9241562D08CE2306F98DAE665302026
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/DuaJA08qGKDGJWqExvNnxQHgnws.roa
Signing time:             Thu 23 Apr 2026 07:00:42 +0000
ROA not before:           Thu 23 Apr 2026 07:00:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208504
IP address blocks:        194.231.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Apr 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b9:24:15:62:d0:8c:e2:30:6f:98:da:e6:65:30:20:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Apr 23 07:00:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0ee689034f2a18a0c6256a84c6f367c501e09f0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:44:31:15:2b:27:bf:12:0d:5c:7d:af:46:97:
                    f9:2f:5f:49:6f:45:42:47:40:1b:92:41:47:fa:23:
                    5b:71:a4:a4:f8:e8:08:15:c2:80:71:a8:f9:7d:9b:
                    13:45:ee:cb:df:e9:8f:8b:32:cd:f2:3f:5c:42:38:
                    cb:18:77:13:06:ab:56:e1:1f:f2:cb:1a:bc:cd:5b:
                    14:e5:d9:14:00:76:1a:9b:4a:4f:0b:fe:c7:2c:eb:
                    db:a7:e3:73:43:cb:b7:e8:67:9c:29:5b:0a:86:8f:
                    fa:9b:ce:d2:cc:10:6c:30:dd:49:e6:da:ef:ec:39:
                    42:07:9f:7c:98:a6:08:b3:c9:32:e2:fc:e8:a1:bb:
                    b1:77:d5:3e:19:08:b7:7d:d3:56:9b:ba:43:4c:60:
                    54:2a:fe:4c:c3:4c:82:85:22:25:23:ef:8e:d9:60:
                    fe:4d:4f:a7:a3:ff:c5:75:26:be:91:70:e9:26:dd:
                    a5:2f:4e:21:ca:95:a0:b2:8f:1c:7c:f5:18:c0:5a:
                    0a:86:71:1c:9a:41:7a:0c:e1:fe:8e:68:15:30:7e:
                    1b:26:25:92:49:ed:61:9a:97:b8:f5:38:98:e3:aa:
                    ba:99:0c:ce:f2:b8:82:c1:55:10:ba:2d:2a:c7:25:
                    6f:86:2a:c9:9d:9d:be:78:aa:cf:07:42:e5:b5:4d:
                    25:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:E6:89:03:4F:2A:18:A0:C6:25:6A:84:C6:F3:67:C5:01:E0:9F:0B
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/DuaJA08qGKDGJWqExvNnxQHgnws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:84:22:63:ad:01:58:3e:a9:18:a5:c5:42:77:3d:d3:fc:dc:
         80:fd:dc:6a:22:5e:bf:10:c6:da:dd:d5:ef:41:b6:60:dd:68:
         c4:a1:c5:aa:ed:3d:83:8f:63:d3:e5:1d:89:8b:93:13:96:a8:
         56:f5:ea:85:b5:b6:b9:1b:bb:d0:94:fd:bc:f6:e9:a0:1f:ce:
         3a:50:26:bc:fb:c6:18:3f:f5:5e:92:b6:48:1d:d5:79:0a:b2:
         e1:35:9d:ed:a5:08:9b:24:be:e2:68:7c:72:3f:9f:54:47:41:
         ef:da:99:04:e6:b3:c7:3a:fd:0e:19:5e:9f:84:f8:89:21:90:
         59:2d:cc:b4:4e:a3:fa:59:5f:0f:24:6e:94:10:c3:da:db:04:
         30:0d:19:8a:9a:f7:bc:db:ca:c1:f1:38:f6:cd:bb:a9:78:78:
         9c:96:a6:28:33:12:7e:a0:7d:d4:a8:21:ee:1f:8a:16:10:9e:
         05:ab:3f:7f:1c:67:6d:cd:f6:79:10:7d:dc:6a:b0:78:3e:b4:
         03:f4:ad:59:b3:de:93:f8:77:67:47:c8:cb:3d:43:1b:5f:58:
         3c:58:26:77:38:02:73:92:d5:e1:3e:2b:19:a4:92:34:25:38:
         ac:22:fb:9e:72:75:c5:b9:e0:ae:34:d1:76:8c:cb:40:c2:ba:
         81:96:51:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ25JBVi0IziMG+Y2uZlMCAmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNDIzMDcwMDQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWU2ODkwMzRmMmExOGEwYzYyNTZhODRjNmYzNjdjNTAxZTA5ZjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkQxFSsnvxINXH2vRpf5L19Jb0VC
R0AbkkFH+iNbcaSk+OgIFcKAcaj5fZsTRe7L3+mPizLN8j9cQjjLGHcTBqtW4R/y
yxq8zVsU5dkUAHYam0pPC/7HLOvbp+NzQ8u36GecKVsKho/6m87SzBBsMN1J5trv
7DlCB598mKYIs8ky4vzoobuxd9U+GQi3fdNWm7pDTGBUKv5Mw0yChSIlI++O2WD+
TU+no//FdSa+kXDpJt2lL04hypWgso8cfPUYwFoKhnEcmkF6DOH+jmgVMH4bJiWS
Se1hmpe49TiY46q6mQzO8riCwVUQui0qxyVvhirJnZ2+eKrPB0LltU0lmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA7miQNPKhigxiVqhMbzZ8UB4J8LMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvRHVhSkEwOHFHS0RHSldxRXh2Tm54UUhnbndzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwueXMA0G
CSqGSIb3DQEBCwUAA4IBAQBShCJjrQFYPqkYpcVCdz3T/NyA/dxqIl6/EMba3dXv
QbZg3WjEocWq7T2Dj2PT5R2Ji5MTlqhW9eqFtba5G7vQlP289umgH846UCa8+8YY
P/VekrZIHdV5CrLhNZ3tpQibJL7iaHxyP59UR0Hv2pkE5rPHOv0OGV6fhPiJIZBZ
Lcy0TqP6WV8PJG6UEMPa2wQwDRmKmve828rB8Tj2zbupeHiclqYoMxJ+oH3UqCHu
H4oWEJ4Fqz9/HGdtzfZ5EH3carB4PrQD9K1Zs96T+HdnR8jLPUMbX1g8WCZ3OAJz
ktXhPisZpJI0JTisIvuecnXFueCuNNF2jMtAwrqBllFd
-----END CERTIFICATE-----